Importing Kaspersky Threat Data Feeds In RSA NetWitness


Importing Kaspersky Threat Data Feeds to RSA NetWitness
Product version: 1.0

Dear User,

Thank you for choosing Kaspersky Lab as your security software provider. We hope that this document helps you to use our product.

Attention! This document is the property of AO Kaspersky Lab (herein also referred to as Kaspersky Lab). All rights to this document are reserved by the copyright laws of the Russian Federation and by international treaties. Illegal reproduction and distribution of this document or parts hereof incur civil, administrative, or criminal liability under applicable law.

Any type of reproduction or distribution of any materials, including translations, is allowed only with the written permission of Kaspersky Lab.

This document, and graphic images related to it, may be used for informational, non-commercial, and personal purposes only.

Kaspersky Lab reserves the right to amend this document without additional notification.

Kaspersky Lab assumes no liability for the content, quality, relevance, or accuracy of any materials used in this document to which rights are held by third parties, or for any potential harms associated with use of the document.

Registered trademarks and service marks used in this document are the property of their respective owners.

Document revision date: 09.09.2019

2019 AO Kaspersky Lab. All Rights persky.com https://support.kaspersky.com

Contents

1. Introduction
2. Hardware and software requirements
3. Distribution kit contents
4. Scenario: Feeds integration with RSA NetWitness
5. Configuring Kaspersky Feed Utility
6. Scenario: Importing Kaspersky Threat Data Feeds to RSA NetWitness
   6.1. Configuring RSA NetWitness for downloading feeds
   6.2. Adding Kaspersky Threat Data Feeds to RSA NetWitness
   6.3. Specifying parsing rules for Kaspersky Threat Data Feeds
7. Configuring the updating of Kaspersky Threat Data Feeds in RSA NetWitness
8. Adding and removing context fields
9. The kl_feed_for_rsa script
10. AO Kaspersky Lab

Introduction

Kaspersky Threat Data Feeds can be imported to RSA NetWitness. RSA NetWitness will match indicators contained in Kaspersky Threat Data Feeds to event fields that are in events received by RSA NetWitness. If a match is detected, RSA NetWitness will add context from the corresponding Kaspersky Threat Data Feeds record to an event.

You can import the following sets of Kaspersky Threat Data Feeds to RSA NetWitness:

- IP Reputation Data Feed—IP addresses with context covering spam hosts, malicious hosts, phishing hosts, Tor exit nodes, proxies, and botnet C&C servers.
- Botnet CnC URL Data Feed—URLs and hashes with context that refer to desktop botnet C&C servers and related malicious objects.
- Malicious URL Data Feed—URLs with context that refer to malicious websites and web pages.
- Phishing URL Data Feed—URLs with context that refer to phishing websites and web pages.
- Malicious Hash Data Feed—File hashes with corresponding context covering the most dangerous, prevalent, or emerging malware.
- P-SMS Trojan Data Feed—Trojan hashes with corresponding context for detecting SMS Trojans that send premium-rate SMS messages to mobile users as well as enable attackers to steal, delete, and respond to SMS messages.
- Mobile Botnet URL Data Feed—URLs with context that cover mobile botnet C&C servers.
- APT IP Data Feed—IP addresses that belong to the infrastructure used in APT campaigns.
- APT Hash Data Feed—Hashes that cover malicious artifacts used by APT actors to conduct APT campaigns.
- APT URL Data Feed—Domains that belong to the infrastructure used in APT campaigns.
- Mobile Hash Data Feed—Hashes with context for detecting malicious objects that infect mobile Google Android and Apple iPhone devices.
- Ransomware URL Data Feed—URLs, domains, and hosts with context that cover ransomware links and websites.
- IoT URL Data Feed—URLs with context covering malicious links used to download malware that infects devices that are enabled for Internet of Things (IoT).
- Vulnerability Data Feed—File hashes with context that cover vulnerabilities in applications and cover exploits that use those vulnerabilities.

The process of importing Kaspersky Threat Data Feeds is done using Kaspersky Feed Utility and the kl_feed_for_rsa script. The feeds are downloaded and converted to a format that can be imported to RSA NetWitness.

You can also use Kaspersky CyberTrace to integrate Kaspersky Threat Data Feeds with RSA NetWitness. Kaspersky CyberTrace offers the following features:

- Kaspersky CyberTrace is flexible and can be easily integrated into an existing infrastructure, which allows you to avoid the challenges of integrating threat intelligence feeds with RSA NetWitness.
- Kaspersky CyberTrace does not hinder the performance of existing security controls and does not miss detections. The process of parsing and matching incoming data happens inside Kaspersky CyberTrace. This reduces the load on the existing SIEM solution.
- Kaspersky CyberTrace helps to reduce the frequency of false positives.

For additional information about integrating Kaspersky Threat Data Feeds with RSA NetWitness,

Hardware and software requirements

This section describes the system requirements of Kaspersky Feed Utility and the kl_feed_for_rsa script.

Supported operating systems

Kaspersky Feed Utility runs on 64-bit Linux operating systems.

Hardware requirements

Kaspersky Feed Utility requires 800 megabytes (MB) of hard disk space.

Software requirements

To run the kl_feed_for_rsa script, Python version 3.0 or later is required.

Software requirements for integration

When integrating with RSA NetWitness, Kaspersky Feed Utility requires RSA NetWitness version 11.2.

Network requirements

The computer on which Feed Utility runs must have access to the website https://wlinfo.kaspersky.com/. Use TCP port 443 as the destination port.

The computer where Kaspersky Feed Utility and the kl_feed_for_rsa script run must have an HTTP service installed. You can use any HTTP service that gives access to files using the HTTP protocol.

RSA NetWitness sends requests to this HTTP service to download Kaspersky Threat Data Feeds.

Distribution kit contents

The table below describes the package contents.

| File name | Comments |
|---|---|
| bin/kl_feed_util | Feed Utility binary file. |
| bin/kl_feed_for_rsa.py | Script for converting Kaspersky Threat Data Feeds to the format required by RSA NetWitness. |
| bin/kl_feed_util.conf | Kaspersky Feed Utility configuration file. |
| bin/kl_feed_util.sh | Script that calls the kl_feed_util utility and the kl_feed_for_rsa.py script in sequence. |
| doc/Kaspersky_Feed_Utility.html | Kaspersky Feed Utility documentation. |
| doc/license.txt | End User License Agreement (EULA). |
| doc/legal_notices.txt | Information about third-party code. |
| doc/Importing_Threat_Data_Feeds_to_RSA_Netwitness.pdf | Instructions on how to integrate Kaspersky Threat Data Feeds with RSA NetWitness. |

Scenario: Feeds integration with RSA NetWitness

The scenario for integration of Kaspersky Threat Data Feeds with RSA NetWitness proceeds in stages:

1. Every 15 minutes, the cron utility runs Kaspersky Feed Utility.
2. Kaspersky Feed Utility downloads Kaspersky Threat Data Feeds from the wlinfo.kaspersky.com server.
3. The kl_feed_for_rsa script converts files (containing Kaspersky Threat Data Feeds indicators) that are to be imported to RSA NetWitness.
4. Every 30 minutes, RSA NetWitness sends an HTTP request to the computer on which Kaspersky Feed Utility runs, and downloads files containing indicators from Kaspersky Threat Data Feeds.

Configuring Kaspersky Feed Utility

This section explains how to configure Feed Utility for importing Kaspersky Threat Data Feeds.

To configure Kaspersky Feed Utility:

1. On the computer that has the HTTP service, create the /opt/kaspersky/feed_util directory.
2. Unpack the archive containing Kaspersky Feed Utility and kl_feed_for_rsa to this directory.
3. Copy the certificate for downloading Kaspersky Threat Data Feeds to the /opt/kaspersky/feed_util/bin directory.
   Make sure that the certificate name is feeds.pem.
4. Open the /opt/kaspersky/feed_util/bin/kl_feed_util.conf configuration file.
5. Locate the FeedsDir element. In this element, specify the full path to a directory where the processed feeds will be stored.
   This directory must be located on the computer that has the HTTP service. RSA NetWitness will download feeds from this directory by using the HTTP protocol. Make sure that RSA NetWitness can access the contents of this directory by using HTTP.
6. Read and accept the End User License Agreement (EULA) by specifying the accepted value in the EULA element.
   Kaspersky Feed Utility runs only if the EULA is accepted.
7. In the enabled attribute of the necessary feeds, specify true.
   Do not enable demo feeds and commercial feeds at the same time.
8. In the AddURLProtocol element, specify 0 if the events received by RSA NetWitness do not contain the protocol in the URL field.
9. Save and close the /opt/kaspersky/feed_util/bin/kl_feed_util.conf configuration file.
10. If necessary, specify proxy settings for Kaspersky Feed Utility so that it has access to wlinfo.kaspersky.com.
    To specify the proxy settings, run the kl_feed_util file with the --set-proxy username:password@host:port parameter. Here, username:password is the user name and password for authentication on the proxy server (if necessary), and host:port constitutes the address and port of the proxy server.
    Example:

        ./kl_feed_util --set-proxy 'user:pass@proxy.example.com:3128'

11. On the computer with the HTTP service, run the following commands to set up regular updating of Kaspersky Threat Data Feeds:

        # Save the current crontab to a temporary file
        crontab -l > /tmp/crontab_list
        # Append a job that runs the update script every 15 minutes
        echo "*/15 * * * * /opt/kaspersky/feed_util/bin/kl_feed_util.sh" >> /tmp/crontab_list
        # Install the updated crontab
        crontab /tmp/crontab_list

    Kaspersky Threat Data Feeds will be updated every 15 minutes.
12. Run the /opt/kaspersky/feed_util/bin/kl_feed_util.sh script.
    If no errors occur, the following message will be printed to the console:

        [OK]

Make sure that no errors occur during the feeds update and Kaspersky Threat Data Feeds download. The feeds are downloaded to the directory specified in the FeedsDir element of the kl_feed_util.conf configuration file. If errors occur, they will be printed to the console.
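
One way to provide the HTTP service from step 5 while exposing only the converted feed files to RSA NetWitness, as an added example that is not part of the Kaspersky distribution kit. The FeedsDir path, the client address 192.0.2.10 and the kl_*.csv name pattern are assumptions; port 8000 is taken from the URL example in this document.

```python
import functools
import http.server
import ipaddress
import re

# Assumptions for this example, adjust to the deployment:
FEEDS_DIR = "/opt/kaspersky/feeds"      # hypothetical value of the FeedsDir element
ALLOWED_CLIENTS = ["192.0.2.10/32"]     # constructed address of the RSA NetWitness host
LISTEN = ("0.0.0.0", 8000)

# Only converted feeds: a kl_<name>.csv file directly under the served root.
# The strict character class also rejects "..", sub-directories, query
# strings and percent-encoded names.
FEED_PATH = re.compile(r"/kl_[a-z0-9_]+\.csv")


def is_request_allowed(client_ip, url_path, allowed=ALLOWED_CLIENTS):
    """Return True only for an allowlisted client asking for a feed CSV."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False
    if not any(addr in ipaddress.ip_network(net) for net in allowed):
        return False
    return FEED_PATH.fullmatch(url_path) is not None


class FeedHandler(http.server.SimpleHTTPRequestHandler):
    """Serves FEEDS_DIR, answering 404 to everything that is not allowed."""

    def _guard(self, method):
        if is_request_allowed(self.client_address[0], self.path):
            method()
        else:
            self.send_error(404)

    def do_GET(self):
        self._guard(super().do_GET)

    def do_HEAD(self):
        self._guard(super().do_HEAD)

    def list_directory(self, path):
        # Never produce a directory index, even if a path slips through.
        self.send_error(404)
        return None


def main():
    handler = functools.partial(FeedHandler, directory=FEEDS_DIR)
    with http.server.ThreadingHTTPServer(LISTEN, handler) as server:
        server.serve_forever()


if __name__ == "__main__":
    main()
```

With this filter, files such as feeds.pem or kl_feed_util.conf are not downloadable even if they end up under the served directory.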

Scenario: Importing Kaspersky Threat Data Feeds to RSA NetWitness

The scenario to import Kaspersky Threat Data Feeds to RSA NetWitness proceeds in stages:

1. Configuring RSA NetWitness for downloading feeds.
2. Adding Kaspersky Threat Data Feeds to RSA NetWitness.
3. Specifying parsing rules for Kaspersky Threat Data Feeds.

Configuring RSA NetWitness for downloading feeds

This section explains how to configure RSA NetWitness for downloading feeds.

To configure RSA NetWitness for downloading feeds:

1. Open the Admin/Services page of the RSA NetWitness web interface.
2. In the Log Decoder actions, select View Config.
3. On the Files tab, in the left drop-down list, select index-logdecoder-custom.xml.
4. In the input window, add the following after the line <!-- *** Please insert your custom keys or modifications below this line *** -->:

    <!--Kaspersky Threat Data Feeds metafields-->
    <key description="Threat score of IP" format="Text" level="IndexNone" name="kl.threat_score" defaultAction="Open"/>
    <key description="Top 100 ports through which attackers downloaded malware from this resource" format="Text" level="IndexNone" name="kl.ports" defaultAction="Open"/>
    <key description="Threat category" format="Text" level="IndexNone" name="kl.category" defaultAction="Open"/>
    <key description="Threat level" format="Text" level="IndexNone" name="kl.severity" defaultAction="Open"/>
    <key description="Date of first detect" format="Text" level="IndexNone" name="kl.first_seen" defaultAction="Open"/>
    <key description="Date of last detect" format="Text" level="IndexNone" name="kl.last_seen" defaultAction="Open"/>
    <key description="Index of popularity" format="Text" level="IndexNone" name="kl.popularity" defaultAction="Open"/>
    <key description="Threat name" format="Text" level="IndexNone" name="kl.threat" defaultAction="Open"/>
    <key description="Behaviour of threat" format="Text" level="IndexNone" name="kl.behaviour" defaultAction="Open"/>
    <key description="Associated url" format="Text" level="IndexNone" name="kl.mask" defaultAction="Open"/>
    <key description="The category of organization the attack is aimed at" format="Text" level="IndexNone" name="kl.industry" defaultAction="Open"/>
    <key description="The name of the attack to which the file belongs." format="Text" level="IndexNone" name="kl.pub_name" defaultAction="Open"/>
    <key description="Name of Kaspersky Threat Data Feed" format="Text" level="IndexNone" name="kl.feed_name" defaultAction="Open"/>
    <!-- END -->

5. Click Apply.
6. Open the Admin/Services page.
7. In the Concentrator actions, select View Config.
8. In the Files drop-down list, select index-concentrator-custom.xml.
9. In the input window, add the following after the line <!-- *** Please insert your custom keys or modifications below this line *** -->:

    <!--Kaspersky Threat Data Feeds metafields-->
    <key description="Threat score of IP" format="Text" level="IndexValues" name="kl.threat_score" valueMax="0" defaultAction="Open"/>
    <key description="Top 100 ports through which attackers downloaded malware from this resource" format="Text" level="IndexNone" name="kl.ports" valueMax="0" defaultAction="Open"/>
    <key description="Threat category" format="Text" level="IndexValues" name="kl.category" valueMax="0" defaultAction="Open"/>
    <key description="Threat level" format="Text" level="IndexValues" name="kl.severity" valueMax="0" defaultAction="Open"/>
    <key description="Date of first detect" format="Text" level="IndexNone" name="kl.first_seen" valueMax="0" defaultAction="Open"/>
    <key description="Date of last detect" format="Text" level="IndexNone" name="kl.last_seen" valueMax="0" defaultAction="Open"/>
    <key description="Index of popularity" format="Text" level="IndexValues" name="kl.popularity" valueMax="0" defaultAction="Open"/>
    <key description="Threat name" format="Text" level="IndexValues" name="kl.threat" valueMax="0" defaultAction="Open"/>
    <key description="Behaviour of threat" format="Text" level="IndexNone" name="kl.behaviour" valueMax="0" defaultAction="Open"/>
    <key description="Associated url" format="Text" level="IndexValues" name="kl.mask" valueMax="0" defaultAction="Open"/>
    <key description="The category of organization the attack is aimed at" format="Text" level="IndexNone" name="kl.industry" valueMax="0" defaultAction="Open"/>
    <key description="The name of the attack to which the file belongs." format="Text" level="IndexNone" name="kl.pub_name" valueMax="0" defaultAction="Open"/>
    <key description="Name of Kaspersky Threat Data Feed" format="Text" level="IndexValues" name="kl.feed_name" valueMax="0" defaultAction="Open"/>
    <!-- END -->

10. Click Apply.
11. Open the Admin/Services page.
12. In the Concentrator and Log Decoder actions, click Restart and accept the service restart.
    During a restart of Log Decoder, RSA NetWitness does not receive event sources data.

Adding Kaspersky Threat Data Feeds to RSA NetWitness

This section explains how to add Kaspersky Threat Data Feeds to RSA NetWitness.

To add Kaspersky Threat Data Feeds to RSA NetWitness:

1. Open the Configure/Custom Feeds page.
2. Click the button to add a new feed.
3. Select Custom Feed.
4. Click Next.
5. On the Define Feed page, perform the following:
   a) In the Feed Type field, specify the CSV value.
   b) In the Feed Task Type field, specify the Recurring value.
   c) In the Name field, specify the name of the feed that you want to add.
      In the Name field, you can specify only Latin letters. Punctuation marks are not allowed.
   d) In the URL field, specify the URL address of the feed that you add. For example, http://10.16.178.57:8000/kl_ip_reputation_data_feed.csv.
   e) If you add a feed with a URL, select Define Upload As Csv File.
      It is recommended to click the Verify button to make sure that RSA NetWitness has access to the feed.
   f) In the Recur Every field, specify 30 Minutes.
   g) Click Next.
6. On the Select Services page, specify a Log Decoder that must use the downloaded feed to match with events received by this decoder.
7. Click Next.
8. On the Define Columns page, specify parsing settings for Kaspersky Threat Data Feeds in RSA NetWitness (for more information, see the section Specifying parsing rules for Kaspersky Threat Data Feeds).
9. Click Next.
10. On the Review page, check that all specified settings are correct.
11. Click Finish if all specified settings are correct.

If the feed is added successfully, this feed is given the Completed status on the Configure/Custom Feeds page.

After the actions above are performed, Log Decoder will match the fields from the received events with indicators from the downloaded feed. If a match is detected, the context from the Kaspersky Threat Data Feed record with the matching indicator will be added to the event.

Specifying parsing rules for Kaspersky Threat Data Feeds

Each feed must be imported to RSA NetWitness using the settings below.

For feeds that contain malicious URLs (kl_malicious_url_data_feed.csv, kl_botnetcnc_url_data_feed.csv, kl_phishing_url_data_feed.csv, kl_mobile_botnet_url_data_feed.csv, kl_ransomware_url_data_feed.csv, kl_iot_url_data_feed.csv), the following is required:

- The Type field must contain the Non IP value.
- The Index Column field must contain the 1 value.
- The Service Type field must contain the 0 value.
- The Truncate Domain field must contain the not checked value.
- The Callback Key(s) field must contain all of the RSA NetWitness fields that can include URLs (for example, the url field).
- The Define Values table must contain metafields that have names similar to the names of the feed fields.
  If the drop-down list of the Define Values table does not contain a value similar to the date field in the feed, select the kl.first_seen value.

For feeds that contain malicious domains (kl_malicious_url_data_feed_domain.csv, kl_botnetcnc_url_data_feed_domain.csv, kl_phishing_url_data_feed_domain.csv, kl_mobile_botnet_url_data_feed_domain.csv, kl_apt_url_data_feed_domain.csv, kl_ransomware_url_data_feed_domain.csv), the following is required:

- The Type field must contain the Non IP value.
- The Index Column field must contain the 1 value.
- The Service Type field must contain the 0 value.
- The Truncate Domain field must contain the checked value.
- The Callback Key(s) field must contain all of the RSA NetWitness fields that can include domains (for example, the domain and domain.dst fields).
- The Define Values table must contain metafields that have names similar to the names of the feed fields.

For feeds that contain malicious hosts (kl_malicious_url_data_feed_host.csv, kl_botnetcnc_url_data_feed_host.csv, kl_phishing_url_data_feed_host.csv, kl_mobile_botnet_url_data_feed_host.csv, kl_ransomware_url_data_feed_host.csv, kl_apt_url_data_feed_host.csv), the following is required:

- The Type field must contain the Non IP value.
- The Index Column field must contain the 1 value.
- The Service Type field must contain the 0 value.
- The Truncate Domain field must contain the not checked value.
- The Callback Key(s) field must contain all of the RSA NetWitness fields that can include hosts (for example, the host.dst and host.src fields).
- The Define Values table must contain metafields that have names similar to the names of the feed fields.

For feeds that contain malicious hashes (kl_botnetcnc_url_data_feed_checksum.csv, kl_ip_reputation_data_feed_checksum.csv, kl_malicious_hash_data_feed.csv, kl_psms_trojan_data_feed.csv, kl_mobile_botnet_url_data_feed_checksum.csv, kl_apt_hash_data_feed.csv, kl_mobile_botnet_data_feed.csv, kl_ransomware_url_data_feed_checksum.csv, kl_iot_url_data_feed_checksum.csv, kl_vulnerability_data_feed_vuln.csv, kl_vulnerability_data_feed_exploits.csv, kl_malicious_url_data_feed_checksum.csv), the following is required:

- The Type field must contain the Non IP value.
- The Index Column field must contain the 1 value.
- The Service Type field must contain the 0 value.
- The Truncate Domain field must contain the not checked value.
- The Callback Key(s) field must contain all of the RSA NetWitness fields that can include hashes (for example, the checksum field).
- The Define Values table must contain metafields that have names similar to the names of the feed fields.

For feeds that contain IPs (kl_ip_reputation_data_feed.csv, kl_apt_ip_data_feed.csv), the following is required:

- The Type field must contain the IP value.
- The Index Column field must contain the 1 value.
- The CIDR field must contain the not checked value.
- The Define Values table must contain metafields that have names similar to the names of the feed fields.
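
A pre-import check that the index column of a converted feed matches the rule group it will be imported under, as an added example that is not code from the distribution kit. It assumes the CSV has no header row, that the indicator is in the first column (Index Column 1), and that url_has_protocol is set to False when AddURLProtocol is 0; the sample rows are constructed.

```python
import csv
import io
import ipaddress
import re

MAX_RECORDS = 100_000  # default per-feed record limit stated in this document

# File names as listed in the parsing rules above.
IP_FEEDS = {"kl_ip_reputation_data_feed.csv", "kl_apt_ip_data_feed.csv"}
HASH_FEEDS = {
    "kl_malicious_hash_data_feed.csv", "kl_psms_trojan_data_feed.csv",
    "kl_apt_hash_data_feed.csv", "kl_mobile_botnet_data_feed.csv",
    "kl_vulnerability_data_feed_vuln.csv",
    "kl_vulnerability_data_feed_exploits.csv",
}
URL_FEEDS = {
    "kl_malicious_url_data_feed.csv", "kl_botnetcnc_url_data_feed.csv",
    "kl_phishing_url_data_feed.csv", "kl_mobile_botnet_url_data_feed.csv",
    "kl_ransomware_url_data_feed.csv", "kl_iot_url_data_feed.csv",
}
HEX_DIGEST = re.compile(r"[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64}")

# Constructed sample, not real feed data: indicator first, context after it.
SAMPLE_IP_FEED = "192.0.2.15,100,malware\n198.51.100.0/24,80,spam\n,90,phishing\n"


def feed_kind(filename):
    """Map a converted feed file name to its rule group, or None."""
    if filename in IP_FEEDS:
        return "ip"
    # Checked before the other suffixes: *_checksum.csv files hold hashes
    # even when the base name says "url" or "ip_reputation".
    if filename.endswith("_checksum.csv") or filename in HASH_FEEDS:
        return "hash"
    if filename.endswith("_domain.csv"):
        return "domain"
    if filename.endswith("_host.csv"):
        return "host"
    if filename in URL_FEEDS:
        return "url"
    return None


def check_index_value(kind, value, url_has_protocol):
    """Return a description of the problem, or None if the value is fine."""
    if not value or any(ch.isspace() for ch in value):
        return "empty value or embedded whitespace"
    if kind == "ip":
        try:
            ipaddress.ip_address(value)  # CIDR is not checked: single IPs only
        except ValueError:
            return "not a single IP address"
    elif kind == "hash" and not HEX_DIGEST.fullmatch(value):
        return "not an MD5, SHA1 or SHA256 hex digest"
    elif kind in ("domain", "host") and ("/" in value or ":" in value):
        return "contains a scheme, port or path"
    elif kind == "url" and ("://" in value) != url_has_protocol:
        return "protocol prefix differs from the URL format in events"
    return None


def validate_feed(filename, text, url_has_protocol=False):
    """Return a list of problems found in one converted feed file."""
    kind = feed_kind(filename)
    if kind is None:
        return [f"{filename}: no parsing rule covers this file"]
    problems, records = [], 0
    for row in csv.reader(io.StringIO(text)):
        if not row:
            continue  # skip blank lines
        records += 1
        error = check_index_value(kind, row[0], url_has_protocol)
        if error:
            problems.append(f"{filename}: record {records}: {error}: {row[0]!r}")
    if records == 0:
        problems.append(f"{filename}: no records")
    if records > MAX_RECORDS:
        problems.append(f"{filename}: {records} records exceed {MAX_RECORDS}")
    return problems


if __name__ == "__main__":
    for line in validate_feed("kl_ip_reputation_data_feed.csv", SAMPLE_IP_FEED):
        print(line)
```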

Configuring the updating of Kaspersky Threat Data Feeds in RSA NetWitness

This section describes the pre-defined settings for the Kaspersky Threat Data Feeds updating in RSA NetWitness. The following settings are available:

- A set of fields that is specified in the RequiredFields element and is downloaded to RSA NetWitness from the feeds.
- Filters that apply to the feeds.

By default, the first 100 000 records with the most popular indicators are downloaded, keeping the RSA NetWitness performance rate and detection rate in balance:

| Feeds | Set of fields | Filters |
|---|---|---|
| Malicious URL Exact Data Feed | urls/url, domains/domain, hosts/host, popularity, last_seen, first hreat | First 100 000 records. |
| BotnetCnC URL Exact Data Feed | urls/url, domains/domain, hosts/host, popularity, last_seen, first_seen, threat, files/MD5, files/SHA1, files/SHA256 | First 100 000 records. |
| Demo BotnetCnC URL Data Feed | mask, type, popularity, last_seen, first_seen, threat, files/MD5, files/SHA1, files/SHA256 | First 100 000 records. |
| Phishing URL Exact Data Feed | urls/url, domains/domain, hosts/host, last_seen, first_seen, popularity, industry | First 100 000 records. |
| IP Reputation Data Feed, Demo IP Reputation Data Feed | ip, threat_score, category, last_seen, first /threat | Records with a threat score value greater than 75. |
| Malicious Hash Data Feed, Demo Malicious Hash Data Feed | md5, sha1, sha256, last_seen, first_seen, popularity, threat | First 100 000 records. |
| P-SMS Trojan Data Feed | MD5, Date, AV Verdict | First 100 000 records. |
| Mobile Botnet URL Data | opularity, last_seen, first_seen, files/Behaviour | First 100 000 records. |
| APT IP Data Feed | ip, detection_date, publication_name | First 100 000 records. |
| APT Hash Data Feed | MD5, detection_date, publication_name | First 100 000 records. |
| APT URL Data Feed | mask, type, detection_date, publication_name | First 100 000 records. |
| Mobile Malicious Hash Feed | md5, sha1, sha256, last_seen, first_seen, popularity, threat | First 100 000 records. |
| Ransomware URL Data Feed | mask, type, last_seen, first /threat | First 100 000 records. |
| IoT URL Data Feed | mask, type, last_seen, first iles/threat | First 100 000 records. |
| Vulnerability Data Feed | detection_date, severity, vulnerable_files/md5, vulnerable_files/sha1, vulnerable 56exploits/threat | First 100 000 records. |

Adding and removing context fields

All of the fields that are imported from Kaspersky Threat Data Feeds to RSA NetWitness are specified in the RequiredFields element of the kl_feed_util.conf configuration file. You can add fields to this element and remove fields from this element. The fields below cannot be removed, because all of these contain matching indicators:

- type—For the Ransomware URL, Mobile Botnet URL, Demo BotnetCnC URL, APT URL, IoT URL feeds
- mask—For the Ransomware, Mobile BotnetC&C, Demo BotnetC&C URL, BotnetC&C URL, APT, IoT URL feeds
- MD5
- ip

If a field is removed from or added to the RequiredFields element and the feed has already been imported to RSA NetWitness, perform the following:

1. Open the Configure/Custom Feeds page in RSA NetWitness.
2. Open the feed settings.
3. On the Define Columns page, update the settings. If the added field is not needed to search in RSA NetWitness, specify the name of this field in the Define Values table.

If the field is added to the RequiredFields element, and this field is not included in the list from step 4 of the procedure to configure RSA NetWitness for downloading feeds (see the section Configuring RSA NetWitness for downloading feeds), and you also want to search values from this field in RSA NetWitness, perform the following:

1. Open the Admin/Services page of the RSA NetWitness web interface.
2. In the Log Decoder actions, select View Config.
3. In the Files drop-down list, select index-logdecoder-custom.xml.
4. In the input window, add the following after the line <!--Kaspersky Threat Data Feeds metafields-->:

    <key description="%DESCRIPTION%" format="Text" level="IndexNone" name="kl.%FIELD_NAME%" defaultAction="Open"/>

   where %DESCRIPTION% is a brief description of the field, and %FIELD_NAME% is a field name (the maximum number of characters is 13).
5. Click Apply.
6. Open the Admin/Services page.
7. In the Concentrator actions, select View Config.
8. In the Files drop-down list, select index-concentrator-custom.xml.
   In the input window, add the following after the line <!--Kaspersky Threat Data Feeds metafields-->:

    <key description="%DESCRIPTION%" format="Text" level="IndexValues" name="kl.%FIELD_NAME%" defaultAction="Open"/>

   where %DESCRIPTION% is a brief description of the field, and %FIELD_NAME% is a field name (the maximum number of characters is 13).
9. Click Apply.
10. Open the Admin/Services page.
11. In the Concentrator and Log Decoder actions, click Restart and accept the service restart. Note that while Log Decoder restarts, RSA NetWitness does not receive event sources data.

The kl_feed_for_rsa script

The kl_feed_for_rsa script performs the following:

1. Processes Kaspersky Threat Data Feeds, which are located in the directory that is specified in the FeedsDir element of the kl_feed_util.conf configuration file. The configuration file has to be located in the same directory as the kl_feed_for_rsa script.
2. Makes CSV files with Kaspersky Threat Data Feeds contents.
3. Saves these CSV files to the directory that is specified in the FeedsDir element of the kl_feed_util.conf configuration file.

AO Kaspersky Lab

Kaspersky Lab is a world-renowned vendor of systems protecting computers against digital threats, including viruses and other malware, unsolicited email (spam), and network and hacking attacks.

In 2008, Kaspersky Lab was rated among the world’s top four leading vendors of information security software solutions for end users (IDC Worldwide Endpoint Security Revenue by Vendor). Kaspersky Lab is the preferred vendor of computer protection systems for home users in Russia (IDC Endpoint Tracker 2014).

Kaspersky Lab was founded in Russia in 1997. It has since grown into an international group of companies with 38 offices in 33 countries. The company employs more than 3,000 skilled professionals.

Products. Kaspersky Lab products provide protection for all systems, from home computers to large corporate networks.

The personal product range includes security applications for desktop, laptop, and tablet computers, smartphones and other mobile devices.

The company offers protection and control solutions and technologies for workstations and mobile devices, v
